
⛩️ Your secure gateway for Docker services. A pre-configured Nginx reverse proxy setup with SSL, security headers, and easy multi-domain support.


Cluyverth/DockGate


⛩️ DockGate


DockGate is a production-oriented Nginx reverse proxy solution, fully containerized with Docker.

It serves as the secure gateway to your backend services, designed to be cloned and deployed instantly on any VPS with minimal configuration. It comes pre-tuned with security best practices, so you don't have to reinvent the wheel.

✨ Features

  • 🔒 Secure by Design: SSL/HTTPS support ready (bring your own certs).
  • 🛡️ Hardened: Security headers (HSTS, X-Frame-Options, etc.) included by default.
  • 🕵️ Stealthy: Nginx version and server info are stripped from headers and error pages.
  • 🧩 Modular: Easy to extend for multiple domains using a conf.d style structure.
  • 🚀 Docker Native: Seamless integration with other Docker Compose services.

📂 File Structure

DockGate/
├── docker-compose.nginx.yml  # Main orchestration file
├── Dockerfile.nginx          # Custom build (adds modules/configs)
├── nginx.conf                # Core configuration
├── certs/                    # Place your .crt and .key files here
├── error_pages/              # Custom HTML error pages (404, 500, etc.)
├── http.d/                   # Virtual Hosts (One file per domain)
│   ├── 00-default.conf       # Catch-all configuration
│   └── 99-example.conf       # Template for your projects
└── snippets/                 # Reusable config blocks
    ├── ssl-params.conf       # Modern SSL ciphers
    └── security-headers.conf # Hardening headers

🚀 Usage

1. Setup

Clone the repository to your VPS:

git clone https://github.com/Cluyverth/DockGate.git
cd DockGate

2. SSL Certificates

Place your certificates in the certs/ folder.

  • Certificate: certs/certificate.crt
  • Private Key: certs/private.key

Note

If your certificates are named differently, update the paths in docker-compose.nginx.yml or inside your site configuration files.

3. Add a Service (Domain)

Don't edit the main config. Instead, create a new file in http.d/:

# Copy the template
cp http.d/99-example.conf http.d/03-myproject.conf

Edit http.d/03-myproject.conf:

  1. Update server_name to your domain (e.g., api.myapp.com).
  2. Update proxy_pass to match your container name (e.g., http://my-backend:8080).

4. Network Configuration

For Nginx to talk to your other containers, they must share a network.

In your backend's docker-compose.yml:

services:
  my-app:
    image: my-app:latest
    container_name: my-backend # This is the hostname Nginx will use
    networks:
      - dockgate_network

networks:
  dockgate_network:
    external: true
    name: dockgate_proxy # Ensure this matches the network name in DockGate

5. Deploy

Start the gate:

docker compose -f docker-compose.nginx.yml up -d --build

Your secure proxy is now listening on ports 80 and 443.

🛠️ Troubleshooting

  • 502 Bad Gateway: Usually means Nginx can't find the upstream container.
    • Check if both containers are on the same Docker network.
    • Verify the proxy_pass hostname matches the container_name of your backend.
  • Logs: Check the logs for syntax errors or connection issues:
    docker logs dockgate-nginx

🔒 Security Notes

  • Headers: X-Content-Type-Options, X-Frame-Options, and HSTS are enabled globally via snippets.
  • Least Privilege: The container is configured to run with the minimum privileges necessary.
  • Rate Limiting: You can enable rate limiting by uncommenting the relevant lines in the http.d/ config files.
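
To confirm the header and version-stripping behaviour on a running deployment, the following added example (not part of DockGate) audits response headers piped in from a command such as `curl -skI https://api.myapp.com/`. The function names are hypothetical and the two sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not DockGate's own code.
# Reads HTTP response headers on stdin and prints one finding per line.
# Returns 0 when nothing is flagged, 1 otherwise.

# _expect NAME REGEX: header NAME (looked up in $hdrs) must exist and match REGEX.
_expect() {
    val=$(printf '%s\n' "$hdrs" | sed -n "s/^$1:[[:space:]]*//p" | head -n 1)
    if [ -z "$val" ]; then
        echo "MISSING $1"; rc=1
    elif ! printf '%s\n' "$val" | grep -Eq "$2"; then
        echo "WEAK $1: $val"; rc=1
    fi
}

check_headers() {
    # Strip CRs and lowercase everything so matching is case-insensitive.
    hdrs=$(tr -d '\r' | tr '[:upper:]' '[:lower:]')
    rc=0
    # The three headers the Security Notes list; HSTS only counts over HTTPS.
    _expect strict-transport-security 'max-age=[1-9][0-9]*'
    _expect x-content-type-options '^nosniff[[:space:]]*$'
    _expect x-frame-options '^(deny|sameorigin)[[:space:]]*$'
    # "Server: nginx/1.25.3" style values expose the version to clients.
    if printf '%s\n' "$hdrs" | grep -Eq '^server:.*/[0-9]'; then
        echo "LEAK server header exposes a version"; rc=1
    fi
    return "$rc"
}

# Constructed sample responses (not captured from a real deployment).
sample_hardened() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' 'Server: nginx' \
        'Strict-Transport-Security: max-age=31536000; includeSubDomains' \
        'X-Content-Type-Options: nosniff' \
        'X-Frame-Options: SAMEORIGIN' ''
}
sample_default() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' 'Server: nginx/1.25.3' \
        'X-Frame-Options: ALLOWALL' ''
}

sample_default | check_headers || true   # demo run on the weak sample
```

Run it against the HTTPS listener for each domain in http.d/, since a site file that does not include the snippets will not inherit the headers.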
